Showing 1 - 25 of 39

Files Date: 2011-09-19

WordPress Relocate Upload 0.14 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Relocate Upload plugin version 0.14 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 955ccf5f1ef7e6998b90fe76f230fad7
WordPress Mini Mail Dashboard Widget 1.36 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Mini Mail Dashboard Widget plugin version 1.36 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 42f84d2ae224633ff4aa5f7ac7d26707
WordPress Zingiri Web Shop 2.2.0 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Zingiri Web Shop plugin version 2.2.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, web, code execution, file inclusion
MD5 | c4e56f50e33f6e99e72500b20e205f2b
WordPress Mailing List 1.3.2 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Mailing List plugin version 1.3.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 28d9d9be91193a7e3114e9b74d9f7b99
Ubuntu Security Notice USN-1209-2
Posted Sep 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1209-2 - It was discovered that Libav incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1196, CVE-2011-1931, CVE-2011-3362
MD5 | fb87d015e32694d5ad748c9519110423
Ubuntu Security Notice USN-1209-1
Posted Sep 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1209-1 - It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. It was discovered that FFmpeg incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1196, CVE-2011-1931, CVE-2011-2161, CVE-2011-3362
MD5 | d8a41eedb2b687b447fbeaf2d7f80718
Red Hat Security Advisory 2011-1317-01
Posted Sep 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1317-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.

tags | advisory, remote, overflow, arbitrary, imap
systems | linux, redhat
advisories | CVE-2011-3208
MD5 | fb99783908201febb790117035d2c284
HP Security Bulletin HPSBMU02705 SSRT100622
Posted Sep 19, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02705 SSRT100622 - A potential security vulnerability has been identified with HP Business Service Automation (BSA) Essentials. The vulnerability could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2011-2412
MD5 | 323d2294a3d1b4eafd4d25c5be2452b5
Microsoft Office Excel Formula Record Heap Corruption
Posted Sep 19, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a heap corruption error when processing malformed Formula records within an Excel document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted XLS document.

tags | advisory
MD5 | ed77947945df220f6334329c58e5cec8
WordPress Plugin timthumb.php Shell Upload
Posted Sep 19, 2011
Authored by Ben Schmidt

Multiple WordPress plugins suffer from a remote shell upload vulnerability due to the reuse of the vulnerable timthumb.php library.

tags | exploit, remote, shell, php
MD5 | ad12189e80c9e90c488f59f3a7757e3a
Cisco TelePresence Cookie Theft / Impersonation / Code Execution
Posted Sep 19, 2011

Cisco TelePresence Series suffers from client-side code execution, denial of service, cookie theft, loss of confidentiality, and impersonation vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution
systems | cisco
advisories | CVE-2011-2544, CVE-2011-2543, CVE-2011-2577
MD5 | b3e3a464067d7bb9b213203165d44057
Debian Security Advisory 2305-1
Posted Sep 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2305-1 - Two security issues have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security.

tags | advisory
systems | linux, debian
advisories | CVE-2011-0762, CVE-2011-2189
MD5 | 3c86b92d8d7ddc2ce131fed1ab15fb04
WordPress TheCartPress 1.1.1 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress TheCartPress plugin version 1.1.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | f75487ca5796de6ef1fd632b85e38c21
WordPress AllWebMenus 1.1.3 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress AllWebMenus plugin version 1.1.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 0d1429317401b9922d17351e7abd419f
WordPress WPEasyStats 1.8 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress WPEasyStats plugin version 1.8 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | f3a02d8a589eea538f71d4342e7f664e
WordPress Annonces 1.2.0.0 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress Annonces plugin version 1.2.0.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | ba566b4201a28eb76d9a57dcaf376393
WordPress Livesig 0.4 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress Livesig plugin version 0.4 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 41590b0fb1e187031d440f7e415ca4f3
DaqFactory HMI NETB Request Overflow
Posted Sep 19, 2011
Authored by Luigi Auriemma, mr_me | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.

tags | exploit, overflow
advisories | CVE-2011-3492, OSVDB-75496
MD5 | d76fb4fa40a1b6ffe92ca4a4a356d388
WordPress Disclosure Policy 1.0 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Disclosure Policy plugin version 1.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | ece94f3271b5df1df9866d425bf0fe09
Stunnel SSL Wrapper 4.44
Posted Sep 19, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Bugs in the new SNI and memory management code were fixed. Buffer overflow protection was implemented for heap allocations, and gcc buffer overflow protection was enabled for stack allocations.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | c9dd51fc02b913ce5bf7b3fc12f9cb4a
Vlock Session Locker 2.2.3
Posted Sep 19, 2011
Authored by Frank Benkstein

vlock is a program to lock one or more sessions on the Linux console. This is especially useful for Linux machines which have multiple users with access to the console. One user may lock his or her session(s) while still allowing other users to use the system on other virtual consoles. If desired, the entire console may be locked and virtual console switching disabled.

Changes: This release fixes vlock not reacting to input when started in the background from bash.
systems | linux, unix
MD5 | 378175c7692a8f288e65fd4dbf8a38eb
Toko Lite CMS 1.5.2 HTTP Response Splitting
Posted Sep 19, 2011
Authored by LiquidWorm | Site zeroscience.mk

Toko Lite CMS version 1.5.2 suffers from an HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.

tags | exploit, web, arbitrary, php
MD5 | 34672c438690517a794e2988f0aa13cb
Toko Lite CMS 1.5.2 Cross Site Scripting
Posted Sep 19, 2011
Authored by LiquidWorm | Site zeroscience.mk

Toko Lite CMS version 1.5.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 2cf5a6a9043d77e534c287aa0742d39c
Aspgwy Access 1.0.0 Cross Site Scripting
Posted Sep 19, 2011
Authored by kurdish hackers team | Site kurdteam.org

Aspgwy Access version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c342bff74f58653cb19802f52dd5d515
WordPress Filedownload 0.1 File Disclosure
Posted Sep 19, 2011
Authored by Septemb0x

WordPress Filedownload plugin version 0.1 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 1c6b7134cba84b45cc86eed54ec84e8e